Lucene search
K

274 matches found

Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.30 views

RHEL 7 : python-pip (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-pip: when --extra-index-url option is used and package does not already exist in the public index,...

7.3AI score0.03028EPSS
Exploits3References3
BDU FSTEC
BDU FSTEC
added 2024/04/04 12:0 a.m.5 views

The vulnerability of the modular interface between web servers and web applications in Rack, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the modular interface between web servers and Rack web applications is related to the creation of input data that can lead to an unexpectedly long time-consuming analysis of the Content-Disposition header in Rack. Exploiting this vulnerability could allow a remote attacker to...

7.8CVSS6.7AI score0.01503EPSS
Exploits0References8Affected Software4
OSV
OSV
added 2023/11/06 12:15 a.m.1 views

DEBIAN-CVE-2023-47272

Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header used for attachment preview or download...

6.1CVSS6.2AI score0.00641EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/05 12:0 a.m.7 views

Roundcube Cross-Site Scripting Vulnerability

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking, and more. A cross-site scripting vulnerability exists in Roundcube versions prior to 1.5.6, 1.6.5, and 1.6.5, which originates from allowing cross-site scripting...

6.1CVSS6.2AI score0.00641EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/09/08 7:51 p.m.12 views

CVE-2023-41318 Unsafe media served inline on download endpoints in matrix-media-repo

matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with Content-Disposition: inline upon download. This vulnerability could b...

4.1CVSS7AI score0.00433EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/09/08 12:0 a.m.6 views

PT-2023-27903 · Unknown · Matrix Media Repo

Name of the Vulnerable Software and Affected Versions: matrix-media-repo versions prior to 1.3.0 Description: The issue allows an attacker to upload malicious media to the media repository, which is then served with Content-Disposition: inline upon download. This can be leveraged to execute scrip...

5.4CVSS7.4AI score0.00433EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2023/06/23 12:17 p.m.35 views

CVE-2023-29401

A flaw was found in the Gin-Gonic Gin Web Framework. Affected versions of this package could allow a remote attacker to bypass security restrictions caused by improper input validation by the filename parameter of the Context.FileAttachment function. An attacker can modify the Content-Disposition...

4.3CVSS6.8AI score0.00486EPSS
Exploits2References3
NVD
NVD
added 2023/06/08 9:15 p.m.29 views

CVE-2023-29401

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...

4.3CVSS5.7AI score0.00486EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2023/06/08 9:15 p.m.45 views

CVE-2023-29401

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...

4.3CVSS6.2AI score0.00486EPSS
Exploits2References6
Prion
Prion
added 2023/06/08 9:15 p.m.19 views

Design/Logic Flaw

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...

4.3CVSS4.6AI score0.00486EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/08 8:27 p.m.12 views

CVE-2023-29401 Improper handling of filenames in Content-Disposition HTTP header in github.com/gin-gonic/gin

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...

6.5AI score0.00486EPSS
Exploits2References4
CVE
CVE
added 2023/06/08 8:27 p.m.293 views

CVE-2023-29401

CVE-2023-29401 affects the Gin web framework (Context.FileAttachment filename handling). A maliciously crafted filename can make Content-Disposition header use an unexpected name, potentially serving a file with a name different from the one provided. The CVE is scored 4.3 (MEDIUM) with network a...

4.3CVSS4.7AI score0.00486EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2023/06/08 8:27 p.m.29 views

CVE-2023-29401 Improper handling of filenames in Content-Disposition HTTP header in github.com/gin-gonic/gin

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...

4.3CVSS6.3AI score0.00486EPSS
Exploits2References7
Debian CVE
Debian CVE
added 2023/06/08 8:27 p.m.47 views

CVE-2023-29401

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...

4.3CVSS4.6AI score0.00486EPSS
Exploits2
CNNVD
CNNVD
added 2023/06/08 12:0 a.m.6 views

Gin 安全漏洞

Gin is a small JavaScript Markdown editor built with Electron by Marius Küng, a personal developer. Gin suffers from a security vulnerability that stems from an improperly cleaned filename parameter in the Context.FileAttachment function, which can be exploited by an attacker to modify the...

4.3CVSS5.7AI score0.00486EPSS
Exploits2References7
Cvelist
Cvelist
added 2023/06/02 12:0 a.m.22 views

CVE-2023-29539

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...

8.2AI score0.00737EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/06/02 12:0 a.m.6 views

CVE-2023-29539

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...

7.9AI score0.00737EPSS
Exploits0References4
Veracode
Veracode
added 2023/05/17 4:33 a.m.36 views

Reflected File Download

github.com/gin-gonic/gin is vulnerable to Reflected File Download. The vulnerability exists because the FileAttachment function of context.go does not properly sanitize the filename parameter, which allows an attacker to modify the Content-Disposition header and replace the .txt file name suffix...

4.3CVSS6.7AI score0.00486EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/12 8:19 p.m.76 views

Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...

4.3CVSS6.3AI score0.00486EPSS
Exploits2References6Affected Software1
OSV
OSV
added 2023/05/12 8:19 p.m.87 views

GHSA-2C4M-59X9-FR2G Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...

4.3CVSS4.6AI score0.00486EPSS
Exploits2References6
Rows per page
Query Builder